alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Amap Scannner Traffic Inbound"; flow:to_server; content:"|79 08 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21|"; classtype:attempted-recon; reference:url,freeworld.thc.org/thc-amap/; reference:url,doc.emergingthreats.net/2008357; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Amap; sid:2008357; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Amap Scannner Traffic Inbound"; flow:to_server; content:"|79 08 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21|"; classtype:attempted-recon; reference:url,freeworld.thc.org/thc-amap/; reference:url,doc.emergingthreats.net/2008357; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Amap; sid:2008357; rev:2;)

Added 2009-02-11 19:24:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Amap Scannner Traffic Inbound"; flow:to_server; content:"|79 08 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21|"; classtype:attempted-recon; reference:url,freeworld.thc.org/thc-amap/; sid:2008357; rev:1;)

Added 2008-06-28 12:29:39 UTC


Topic revision: r1 - 2009-02-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats